Airworthiness cybersecurity of remotely piloted aircraft systems (RPAS) – Draft Advisory Circular 21-57 v1.0

Overview

We’re seeking your feedback on the draft advisory circular (AC) for airworthiness cybersecurity of remotely piloted aircraft systems (RPAS).

Airworthiness cybersecurity protects aviation information systems from cyber threats, especially intentional unauthorised electronic interactions that could affect aviation safety.

Who this is for

The draft AC 21-57 v1.0 is intended to provide guidance and information to original equipment manufacturers of RPAS. It can also assist RPAS operators to understand important aspects of airworthiness cybersecurity.

In scope

This AC considers airworthiness cybersecurity at the aircraft level. This includes:

• airborne subsystems that are installed within the remotely piloted aircraft (RPA)
• ground-based sub-systems that directly support an RPA flight operation, such as the remote pilot station (RPS) or ground control station (GCS)
• command and control (C2) links between the RPS or GCS and the RPA
• other supporting infrastructure needed to safely control the RPA in flight.

The guidance material focuses on the cybersecurity of safety-critical RPAS subsystems, such as:

• flight controllers
• sensors and actuators
• surveillance and navigation equipment
• command and control (C2) links
• mission systems.

Out of scope

The guidance does not address organisational or enterprise-wide cybersecurity.

For general information on cybersecurity, see the:

• Australian Signals Directorate (ASD) Information Security Manual
• US National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0.

Using this guidance

Industry should use the methods and approaches in the guidance in a way that matches the risk of your proposed RPAS operation. The guidance does not add additional requirements, beyond those already identified by established operational approval methodologies (such as SORA).

Why your views matter

We are seeking feedback as to whether:

• the content and structure of the guidance provided is clear and sufficient
• it is fit for the purpose for supporting airworthiness cybersecurity considerations.

We recognise how valuable your contribution is to the regulatory development process. Your feedback will increase our understanding of your needs and whether the draft AC provides adequate guidance on airworthiness cybersecurity for RPAS.

How to submit feedback

Please submit your comments on the draft AC through the Consultation Hub using the survey provided. If you are unable to provide feedback this way, please email us at regulatoryconsultation@casa.gov.au.

Please read the AC document before providing your feedback.

What happens next

At the end of the response period, we will:

• review all comments received
• make responses publicly available on the consultation hub (unless you request your submission remain confidential)
• publish a Summary of Consultation which summarises the feedback received and outlines any intended changes and next steps.

Feedback that improves the guidance will be incorporated into the final guidance.

Related Documents

All relevant documents are attached in the ‘Related’ section at the bottom of the overview page. They are:

• Draft AC 21-57 v1.0
• MS Word copy of online consultation for ease of distribution and feedback within your organisation.